Yesterday, a federal court held that a company’s financial losses for mis-wiring funds as a result of a phishing scam were not covered under a computer crime insurance policy. The decision, American Tooling Ctr. v. Travelers Cas. & Sur. Co. of Am., No. 16-12108 (E.D. Mich. Aug. 1, 2017) is another case in which financial losses resulting from a phishing scam were held to be unrecoverable under insurance.
In that case, the insured, American Tooling Center (“ATC”), was a tool and die manufacturer that outsourced some of its work to other die manufacturing companies overseas, including a vendor called Shanghai YiFeng Automotive Die Manufacture Co., Ltd. (“YiFeng”). As part of its normal business practice, ATC issued purchase orders to YiFeng, which in turn manufactured the requested dies. ATC paid YiFeng in stages based upon completion of certain milestones. To receive payment, YiFeng submitted its invoices to ATC by email. Once ATC verified that the milestone had been met, it wired the appropriate payment to YiFeng. Id. at 2.